Bug #22707

closed

Vulnerability in decode-uri-component

Added by Alexis Mousset 12 months ago. Updated 12 months ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: Checked
Regression: No

Description

— check npm dependencies (3s)

[2023-04-26T19:08:45.326Z] + npx better-npm-audit audit --level high

[2023-04-26T19:08:45.604Z] ╔═════════════════════════════════════════════════════════════════════╗

[2023-04-26T19:08:45.604Z] ║                     === list of exceptions ===                      ║

[2023-04-26T19:08:45.604Z] ║                                                                     ║

[2023-04-26T19:08:45.604Z] ║ ID                  │ Status │ Expiry │ Notes                       ║

[2023-04-26T19:08:45.604Z] ║ GHSA-ww39-953v-wcq6 │ active │        │ Only a DoS, let's ignore it ║

[2023-04-26T19:08:45.604Z] ╚═════════════════════╧════════╧════════╧═════════════════════════════╝

[2023-04-26T19:08:45.604Z] 

[2023-04-26T19:08:48.265Z] ╔═════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗

[2023-04-26T19:08:48.265Z] ║                                                                        === npm audit security report ===                                                                        ║

[2023-04-26T19:08:48.265Z] ║                                                                                                                                                                                 ║

[2023-04-26T19:08:48.265Z] ║ ID      │ Module               │ Title                                              │ Paths                │ Sev.     │ URL                                               │ Ex. ║

[2023-04-26T19:08:48.265Z] ║ 1088899 │ angular              │ Angular (deprecated package) Cross-site Scripting  │ angular              │ moderate │ https://github.com/advisories/GHSA-prc3-vjfx-vhm9 │ n   ║

[2023-04-26T19:08:48.265Z] ║ 1089210 │ angular              │ angular vulnerable to regular expression denial of │ angular              │ moderate │ https://github.com/advisories/GHSA-m2h2-264f-f486 │ n   ║

[2023-04-26T19:08:48.265Z] ║         │                      │ service (ReDoS)                                    │                      │          │                                                   │     ║

[2023-04-26T19:08:48.265Z] ║ 1091652 │ decode-uri-component │ decode-uri-component vulnerable to Denial of       │ decode-uri-component │ high     │ https://github.com/advisories/GHSA-w573-4hg7-7wgq │ n   ║

[2023-04-26T19:08:48.265Z] ║         │                      │ Service (DoS)                                      │                      │          │                                                   │     ║

[2023-04-26T19:08:48.265Z] ║ 1091181 │ glob-parent          │ glob-parent before 5.1.2 vulnerable to Regular     │ glob-parent          │ high     │ https://github.com/advisories/GHSA-ww39-953v-wcq6 │ y   ║

[2023-04-26T19:08:48.265Z] ║         │                      │ Expression Denial of Service in enclosure regex    │                      │          │                                                   │     ║

[2023-04-26T19:08:48.265Z] ║ 1091725 │ request              │ Server-Side Request Forgery in Request             │ request              │ moderate │ https://github.com/advisories/GHSA-p8p7-x288-28g6 │ n   ║

[2023-04-26T19:08:48.265Z] ╚═════════╧══════════════════════╧════════════════════════════════════════════════════╧══════════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝

[2023-04-26T19:08:48.265Z] 

[2023-04-26T19:08:48.265Z] 1 vulnerabilities found. Node security advisories: 1091652

script returned exit code 1

#1

Updated by Alexis Mousset 12 months ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset

#2

Updated by Alexis Mousset 12 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4778

#3

Updated by Alexis Mousset 12 months ago

  • Status changed from Pending technical review to Pending release

#4

Updated by Alexis Mousset 12 months ago

  • Fix check changed from To do to Checked

#5

Updated by Vincent MEMBRÉ 12 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.3.1 which was released today.
